Achive.php Cyber Crime Update Archives - The Cyber Shark
Contributor

Cyber Crime Update

BFSI and Tech Lead India’s Cyber Insurance Surge Amid Growing Attacks

India’s Cyber Insurance

Cyber insurance adoption in India is surging, driven by rising cyberattacks, with BFSI and tech sectors holding a 70% market share. Nearly 100% policy renewals and increased first-time buyers highlight its growing role in ensuring business continuity and regulatory compliance. In India, cyber insurance is expanding at an unprecedented rate, with 100% of policies being renewed as companies realize how often cyberattacks are becoming. With a combined 70% market share, the BFSI (35–40%) and technology (30%) sectors are driving uptake, per a survey by Policy Bazaar for Business. The survey also shows that business interruptions caused by data breaches account for 45% of all cyber insurance claims, underscoring the critical role that cyber coverage plays in preserving business continuity. According to the report, the largest penetration of cyber insurance is found in mid-to-large firms with annual sales of at least ₹10 crore, suggesting a better awareness of regulatory requirements and cyber hazards. The following is the adoption breakdown by industry: BFSI (35-40%) – Financial institutions are the biggest buyers of cyber insurance due to increased financial fraud, regulatory scrutiny, and customer data protection requirements. Technology & IT (30%) – IT and internet companies are giving risk mitigation through insurance top priority because of their data-heavy operations and high vulnerability to cyberattacks. Start-ups (25%) – Adoption among rapidly expanding firms is being driven by venture capital investors and contractual responsibilities. Healthcare (5%) – More and more hospitals and healthcare organizations are protecting themselves from ransomware and data intrusions. Logistics (5%) – Logistics companies are investing in coverage as a result of the increased cyber dangers brought about by the growth of digital supply chains. According to the survey, a notable change has also occurred, with 30–35% of companies acquiring cyber insurance for the first time. This implies that individuals are becoming increasingly conscious of the operational and financial risks associated with cyberattacks, especially for start-ups and mid-sized enterprises. More and more businesses are adopting a proactive strategy, acquiring coverage before an attack, in place of a reactive one. What’s driving cyber insurance claims? The survey also sheds light on the reasons why companies are submitting cyber insurance claims, with the biggest percentage (45%) citing business disruptions brought on by data breaches. Claim Type Percentage of Claims Business Interruption from Data Breach 45% Social Engineering Attacks (Phishing, CEO Fraud) 25% Ransomware Incidents 20% Other 10% Businesses are using insurance to cover both direct financial losses and operational disruption as a result of the increase in ransomware attacks and social engineering scams. According to the report, growing contractual duties and regulatory constraints have caused the cyber insurance market to expand rapidly over the past 12 to 24 months. Regulatory compliance: Businesses are being forced to strengthen their cyber resilience in response to more stringent cybersecurity regulations and data protection rules. Contractual requirements: As part of their risk management framework, businesses, particularly in the BFSI and IT sectors, now demand that partners and vendors obtain cyber insurance. Risk assessments: Businesses are aggressively detecting weaknesses and obtaining insurance before problems arise. Eva Saiwal, Head of Liability Insurance at Policy Bazaar for Commercial, notes that “cyber insurance has evolved from a niche product to a business necessity.” The nearly 100% renewal rate suggests that businesses consider it essential. Cyber insurance is now a crucial component that facilitates business continuity in addition to financial recovery. Building a robust digital ecosystem will require incorporating insurance into cyber risk management plans as cyber threats increase.

Mozilla Fixes a Serious Firefox Issue Like the New Zero-Day Vulnerability in Chrome

Mozilla Fixes

Mozilla has patched a critical sandbox escape vulnerability (CVE-2025-2857) in Firefox for Windows, with no evidence of active exploitation. Only a few days after Google patched a similar vulnerability in Chrome that was actively exploited as a zero-day, Mozilla has published fixes to fix a serious security weakness affecting its Firefox browser for Windows. According to descriptions, the security flaw CVE-2025-2857 is an instance of an improper handle that could result in a sandbox escape. “Following the recent Chrome , Mozilla sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC [inter-process communication] code,” an alert from Mozilla stated. “A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape.” In Firefox 136.0.4, Firefox ESR 115.21.1, and Firefox ESR 128.8.1, the flaw that impacts both Firefox and Firefox ESR has been fixed. CVE-2025-2857 has not been exploited in the wild, according to any evidence. To address CVE-2025-2783, which has been used in the wild as part of attacks on Russian government agencies, media outlets, and educational institutions, Google published Chrome version 134.0.6998.177/.178 for Windows. The infection happened when unidentified victims clicked on a specifically constructed link in phishing emails and used Chrome to access the attacker-controlled website, according to Kaspersky, which discovered the activity in mid-March 2025. According to reports, CVE-2025-2783 was linked to another unidentified browser exploit to bypass the sandbox’s restrictions and accomplish remote code execution. Nevertheless, fixing the flaw successfully stops the whole assault chain. Since then, the vulnerability has been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) database, and federal agencies are required to implement the required mitigations by April 17, 2025. To protect themselves from potential threats, users are advised to update their browser instances to the most recent versions.

14 years after rejecting it, Karnataka intends to implement sex education programs.

Karnataka schools to introduce sex education for grades 8-12, focusing on reproductive health, cyber safety and moral values. The initiative marks a shift from previous opposition to such programs. In Karnataka’s schools, sex education has long been a controversial subject. Despite suggestions from Unicef and child rights organisations, the state government flatly rejected a plan to implement it as part of an anti-AIDS initiative in 2011. Officials at the time contended that students would not benefit from such instruction. Now, following years of discussion, Karnataka is adopting a new strategy. Along with moral instruction for younger kids, the government has announced intentions to provide sex education for grades 8 through 12. SEX EDUCATION, COUNSELLING, AND CYBER SAFETY The new proposal calls for local doctors to lead sex education seminars twice a week for students. Teens will learn about reproductive health, cleanliness, and making responsible decisions, as well as how their bodies, emotions, and hormones are changing. Additionally, twice a year, kids in Classes 1 through 10 will get health examinations. Primary Health Centre physicians and nurses will offer advice on disease prevention, proper cleanliness, and the dangers of substance addiction. To guarantee that kids, particularly those who are dealing with behavioural challenges, receive the appropriate help, schools will also set up counselling programs. By offering cyber hygiene courses, the government is also addressing online safety and digital addiction. Although there is no set schedule for implementation, these courses will instruct students on how to use the internet securely, stay safe from online threats, and develop good screen habits. In addition to digital safety and health, the project raises knowledge of the law. In order to ensure that kids are aware of their rights and are able to recognize dangerous circumstances, police officers will visit schools to teach them about the Protection of Children from Sexual Offences (POCSO) Act. MORAL EDUCATION TO SHAPE VALUES Up until Class 10, moral education will be required for younger pupils. These twice-weekly lectures, which will focus on characteristics like probity, patience, and respect, will emphasize the idea that character development is just as vital as academics. INDOA’S CONTENTIOUS HISTORY OF SEX EDUCATION In India, sex education has long been a contentious issue, and important attempts to implement it have been thwarted. To educate pupils about puberty, sexual health, HIV/AIDS prevention, and related subjects, the National Council of Educational Research and Teaching (NCERT) launched the Adolescence Education Programme (AEP) in 2007. However, parents, conservative organizations, and politicians strongly opposed the initiative. Many states, including Gujarat, Maharashtra, Madhya Pradesh, Karnataka, Rajasthan, Chhattisgarh, and Goa, outlawed sex education in schools as a result of the outcry. NCERT was forced to remove its sex education module from schools as a result of this opposition. The resistance was based on worries that the material was against cultural norms and unsuitable for school-age youngsters. Regarding the implementation of sex education, this dispute demonstrated the conflict between contemporary educational goals and conventional societal norms. Jharkhand launched ‘Udaan’ in 2009, a school-based program for adolescents in Classes 6–11 that emphasizes health education and life skills. Over a million children were impacted by this program in 2019, and it is still going strong today. Despite issues, initiatives to advance comprehensive sex education are still underway in several places, acknowledging its significance for the health and well-being of adolescents. Karnataka’s decision to implement sex education classes is a change from its previous position, although it is unclear if opposition would resurface. UNICEF blasted the government in 2011 for avoiding talking about adolescent health, claiming that keeping information secret endangered children. Although the new program is more in line with international best practices, its effectiveness will rely on how well it is executed and whether or not previous discussions come up again.

Minister Harsh Sanghvi Says Gujarat First State To File Cyber Terrorism Charges In CCTV Leaks, Announces Swift Action

Minister Harsh Sanghvi

Gujarat is the first state to use cyberterrorism charges in CCTV leak cases, according to Minister Harsh Sanghvi, who praised the police’s prompt investigation and response. The Gujarat Police have caught the mastermind of a nationwide CCTV hacking ring, stopping hackers from committing a massive scheme to breach thousands of cameras nationwide. Harsh Sanghvi, the Gujarat State Minister of Home Affairs, announced the arrest in a statement to the Gujarat Assembly. Gujarat is the first state to add cyberterrorism charges to instances involving CCTV breaches, according to Sanghvi. He commended the state government’s quick and calculated response, which was spearheaded by Chief Minister Bhupendra Patel. Minister Harsh Sanghvi intones that to expedite the legal process and guarantee that the case is handled in a fast-track court, the state has designated a special prosecutor. The treatment of a female patient in a private maternity home in Rajkot is the subject of a widely shared video. The footage was a component of a bigger attack that affected thousands of CCTV cameras in India. While simply arresting the medical workers could have dismissed the problem, Sanghvi noted, the Gujarat Police adopted a proactive stance, conducting a thorough investigation and revealing a significant plot. Minister Harsh Sanghvi claims that these hackers used Virtual Private Networks (VPNs) from nations including Atlanta, Romania, Georgia, and Japan to hide their identities. The organization has compromised more than 50,000 CCTV cameras in the past eight months using Telegram channels. The feeds from these cameras originated from movie theatres, private homes, schools, colleges, and corporate offices. The accused ran 22 channels that featured obscene menus connected to the compromised video. After a video of the female patient’s examination went viral on February 17, 2025, Gujarat Police acted right away. The Rajkot incident was quickly the result of investigations after a case was lodged at the Ahmedabad Cyber Crime Police Station. To identify the main sources of the illicit activity, police snuck into Telegram groups and pretended to be subscribers. The hackers were part of a large network that took advantage of WiFi-connected CCTV cameras’ lax security settings, including passwords that were simple to figure out. Public authorities should raise awareness about the significance of protecting digital surveillance systems, Minister Harsh Sanghvi urged. To stop such events, Gujarat Police have also suspended the accused’s bank accounts and sent notifications to social media companies to make sure that unlawful content is taken down.